CVE-2025-62779 LOW

CVE-2025-62779: Frappe Learning users were able to add HTML through input fields in the Job Form

Vendor Frappe

Product lms

Weakness CWE-79 · XSS

Published October 27, 2025

Last update October 28, 2025

View on NVD All CVEs

CVSS base score

1.2/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

What the vulnerability does

01Description

Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in the Job Form.

Key dates

02Disclosure timeline

October 27, 2025 CVE published

October 28, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-62779 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-8362 GoogleTag Manager - Moderately critical - Cross-site scripting - SA-CONTRIB-2025-094 CVE-2023-51514 WordPress CBX Bookmark & Favorite Plugin <= 1.7.13 is vulnerable to Cross Site Scripting (XSS) CVE-2025-28914 WordPress wordpress login form to anywhere plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability CVE-2025-32492 WordPress Admin Menu Post List plugin <= 2.0.7 - Cross Site Scripting (XSS) Vulnerability CVE-2026-28223 Wagtail: Improper escaping of HTML (Cross-site Scripting) in simple_translation admin interface